An IP address (also called an IP number) is a number (typically written as four numbers separated by periods, i.e. 107.4.1.3 or 84.2.1.111) which uniquely identifies a computer that is making use of the Internet. It is analogous to your telephone number in that the telephone network directs calls to your telephone using your telephone number. The IP address is used by the Internet to direct data to your computer, e.g. the data your web browser retrieves and displays when you surf the net.
It is important that each computer accessing the internet (or an intranet) has a unique IP address. One method of doing this is for a network administrator to individually assign an IP address to each computer that will make use of the network. This is a relatively cumbersome task especially in networks supporting a large number of computers. The task is complicated by the fact that if computers move to another location in another part of the network, a new IP address must be entered.
(Dynamic Host Configuration Protocol) (DHCP) is a protocol that lets network administrators manage centrally and automate the assignment of IP addresses in an organization's network. DHCP essentially lets a network administrator supervise and distribute IP addresses from a central point and automatically sends a new IP address when a computer is plugged into a different place in the network. The DHCP server grants the computer a period of time to use the IP address. This period of time is called the DHCP lease period. (It should be noted that this application has referred to computers but any number of other devices could be connected to a network and be assigned IP addresses—such devices might be referred to generically simply as devices and, when receiving an IP address from a DHCP server, as DHCP clients.)
Of course, from the standpoint of network management, this eases the burden on the network administrator significantly. Unfortunately, there is no longer a one-to-one association between particular computers and IP addresses.
DHCP does provide an authentication mechanism essentially by denying a user an IP address until the user has been authenticated. Thus, only users authorized to receive an IP address from the particular DHCP server will receive one. In essence, the user is authenticated. However, no mechanism is provided to applications to look up user identifiers based on known IP addresses or to look up IP addresses based on known user identifiers.
With the advent of certain technologies, such as Voice over IP and policy enabled networking, it would be useful to provide a trusted association between IP addresses and particular computers (and, even particular users). In these applications, routing and bandwidth considerations are based on source and destination addresses. These decisions require authenticated addresses; therefore, DHCP authentication of users is not an effective way to decide which users will get access to network services.
Thus, what is desired is an improved method and apparatus for authenticating computers/user and IP address pairs.
Directories of network users exist. For example, email systems typically include their own directories. The CCITT has adopted X.500 as a standard for directories on networks using TCP/IP networks. X.500 has been criticized as being too large. More recently, the Lightweight Directory Access Protocol (LDAP) has been proposed. The original specifications for LDAP were set forth in RFC 1487. More recently, LDAPv2 was defined in RFC 1777 and even more recently LDAPv3 has been defined in RFC 1487.
These directories include much information about network users. RFC 2256 provides a list of attributes to be stored in a standard LDAPv3 database. The LDAPv3database schema includes, for example, business names, post office addresses, telephone information, etc. However, the included information is relatively static information.
What is needed is to include dynamic information in a LDAP directory including, by way of example, IP address information.